CERTIFIED-IN-CYBERSECURITY · Question #208
CERTIFIED-IN-CYBERSECURITY Question #208: Real Exam Question with Answer & Explanation
The correct answer is A: Determine the value of each asset. After creating a list of assets in a business impact analysis, the next step is to determine the value of each asset (see the ISC2 Study Guide, Module 2, under Business Impact Analysis). This step is critical because it allows the organization to prioritize its recovery efforts a
Question
When developing a business impact analysis, what should be the next step after creating a list of assets?
Options
- ADetermine the value of each asset
- BEvaluate the risks associated with each asset
- CIdentify the threats that each asset faces
- DAssess the vulnerabilities present in each asset
Explanation
After creating a list of assets in a business impact analysis, the next step is to determine the value of each asset (see the ISC2 Study Guide, Module 2, under Business Impact Analysis). This step is critical because it allows the organization to prioritize its recovery efforts and allocate resources effectively. For example, an organization may identify its customer database as a high- value asset due to the sensitive information it contains and the potential business impact if it were compromised. Assessing vulnerabilities, evaluating risk, and identifying threats are important steps in the overall risk management process. However, they are not the immediate next steps in a business impact analysis. These steps are more related to risk assessment, which is a different process. A business impact analysis is primarily concerned with understanding the potential impact of disruptions to critical business functions and prioritizing recovery efforts based on the value of the assets. Therefore, determining the value of each asset is the logical next step after listing the assets in a business impact analysis.
Topics
Community Discussion
No community discussion yet for this question.